News: Seeweb joins Hosting Solutions and Aruba

As already discussed earlier, 2007 has rightfully become the year of website compromises by malware writers. There has been talk of Hosting Solutions, of Aruba, and of several sites of national importance infected with malicious iframes.

Continuing the investigation, the well-known connectivity and hosting/housing provider Seeweb also appears to have been targeted during this wave of computer piracy.
July 29, 2008, 07:53:50 PM
jenacobra
New user
Posts: 21

Could someone kindly check the following log for me, thanks.

AVZ Antiviral Toolkit log; AVZ version is 4.30
Scanning started at 29/07/2008 19.07.52
Database loaded: signatures - 178646, NN profile(s) - 2, microprograms of healing - 56, signature database released 28.07.2008 21.55
Heuristic microprograms loaded: 370
SPV microprograms loaded: 9
Digital signatures of system files loaded: 71555
Heuristic analyzer mode: Medium heuristics level
Healing mode: disabled
Windows version: 5.1.2600, Service Pack 2 ; AVZ is launched with administrator rights
System Restore: enabled
1. Searching for Rootkits and programs intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Driver loaded successfully
SDT found (RVA=082680)
Kernel ntoskrnl.exe found in memory at address 804D7000
SDT = 80559680
KiST = 804E26A8 (284)
Functions checked: 284, intercepted: 0, restored: 0
1.3 Checking IDT and SYSENTER
Analysis for CPU 1
Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
Driver loaded successfully
1.5 Checking of IRP handlers
\driver\tcpip[IRP_MJ_INTERNAL_DEVICE_CONTROL] = F8AA285A -> C:\WINDOWS\System32\Drivers\avgtdi.sys, driver recognized as trusted
Checking - complete
2. Scanning memory
Number of processes found: 39
Number of modules loaded: 355
Scanning memory - complete
3. Scanning disks
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
C:\WINDOWS\system32\pbusjlfm.dll --> Suspicion for Keylogger or Trojan DLL
C:\WINDOWS\system32\pbusjlfm.dll>>> Behavioural analysis
1. Reacts to events: keyboard, mouse, all events
C:\WINDOWS\system32\pbusjlfm.dll>>> Neural net: file with probability 1.03% like a typical keyboard/mouse events interceptor
C:\WINDOWS\system32\eesvxwbr.dll --> Suspicion for Keylogger or Trojan DLL
C:\WINDOWS\system32\eesvxwbr.dll>>> Behavioural analysis
1. Reacts to events: keyboard, mouse, all events
C:\WINDOWS\system32\eesvxwbr.dll>>> Neural net: file with probability 1.03% like a typical keyboard/mouse events interceptor
Note: Do NOT delete suspicious files, send them for analysis (see FAQ for more details), because there are lots of useful hooking DLLs
6. Searching for opened TCP/UDP ports used by malicious programs
Checking disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Servizi terminal)
>> Services: potentially dangerous service allowed: SSDPSRV (Servizio di rilevamento SSDP)
>> Services: potentially dangerous service allowed: Schedule (Utilità di pianificazione)
>> Services: potentially dangerous service allowed: mnmsrvc (Condivisione desktop remoto di NetMeeting)
>> Services: potentially dangerous service allowed: RDSessMgr (Gestione sessione di assistenza mediante desktop remoto)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
>> Abnormal REG files association
>> HDD autorun are allowed
>> Autorun from network drives are allowed
>> Removable media autorun are allowed
Checking - complete
Files scanned: 394, extracted from archives: 0, malicious software found 0, suspicions - 0
Scanning finished at 29/07/2008 19.08.40
Time of scanning: 00:00:50
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://virusinfo.info conference

Pure e pullice tenano a tosse (Even fleas have a cough)

July 30, 2008, 03:16:56 AM
Eraser
Head of the outfit
Devoted user
Posts: 488

Have the following files checked on VirusTotal (www.virustotal.com):

C:\WINDOWS\system32\pbusjlfm.dll
C:\WINDOWS\system32\eesvxwbr.dll

:: The stress of the election campaign starts to show when you see a car in front of you with an FI licence plate and the first thing you think of is Forza Italia ::

July 30, 2008, 05:19:58 AM
jenacobra
New user
Posts: 21

Thank you, I will take care of it as soon as possible.